Language of document : ECLI:EU:T:2022:223

JUDGMENT OF THE GENERAL COURT (Seventh Chamber)

6 April 2022 (*)

(Civil service – Members of the temporary staff – Post occupied requiring security clearance – Clearance refused by the national security authority – Termination of the contract – No request for a hearing – Right to be heard within the meaning of Article 11(5)(b) of Decision 2015/444)

In Case T‑568/20,

MF, represented by L. Levi, lawyer,

applicant,

v

European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), represented by M. Chiodi, acting as Agent, and by A. Duron and D. Waelbroeck, lawyers,

defendant,

THE GENERAL COURT (Seventh Chamber),

composed of R. da Silva Passos, President, L. Truchot (Rapporteur) and M. Sampol Pucurull, Judges,

Registrar: I. Pollalis, Administrator,

having regard to the written part of the procedure,

further to the hearing on 2 December 2021,

gives the following

Judgment

 Background to the dispute

1        By his action under Article 270 TFEU, lodged at the Registry of the General Court on 4 September 2020, the applicant, MF, seeks annulment, first, of the decision of the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) of 29 October 2019 terminating his employment contract (‘the contested decision’) and, second, to the extent necessary, of the decision of eu-LISA of 26 May 2020 rejecting his complaint of 29 January 2020.

2        The applicant, a Romanian national, was recruited in February 2018 by eu-LISA as a member of the temporary staff, at grade AD 5, in the Applications Management and Maintenance Unit for a period for a period of five years.

3        Pursuant to the vacancy notice for the post occupied by the applicant (‘the vacancy notice’), successful candidates were required to have, or be in a position to obtain, a valid Personnel Security Clearance Certificate (SECRET UE/EU SECRET level) issued by a competent authority. The vacancy notice provided that failure to obtain that security clearance certificate from the successful candidate’s national security authority, either during or after the expiration of the probationary period, gave eu-LISA the right to terminate any applicable employment contract.

4        On 22 February 2018, in accordance with a service level agreement between eu-LISA and the European Commission, the Security Directorate of the Commission, further to a request made by eu-LISA, requested that the competent Romanian security authority, the Oficiul Registrului Naţional al Informaţiilor Secrete de Stat (National Registry Office for Classified Information, Romania; ‘the Romanian NSA’), to initiate an investigation in relation to the applicant.

5        On 8 November 2018, the Commission Security Directorate informed the Head of the eu-LISA Security Unit that the Romanian NSA had issued a negative opinion as to the applicant’s security clearance (‘security clearance’).

6        On 30 November 2018, at an informal meeting attended by his Head of Unit and the Head of the eu-LISA Security Unit, the applicant was informed of the negative opinion issued by the Romanian NSA. By letter of 14 January 2019 from the Head of the eu-LISA Security Unit, the applicant was officially informed of that opinion.

7        By emails of 24 and 29 January 2019, eu-LISA asked the applicant to keep it informed, without delay, of his decision to lodge an appeal in Romania against the Romanian NSA’s negative opinion.

8        On 8 February 2019, the applicant lodged an appeal against that opinion with the same authority. He sent all the relevant documents to eu-LISA. That appeal was rejected by the Romanian NSA by decision of 15 April 2019.

9        On 18 March 2019, the applicant also informed eu-LISA that an appeal was pending before the Curtea de Apel București (Court of Appeal, Bucharest, Romania).

10      After consulting the Head of the Security Unit of eu-LISA and the applicant’s line manager, the Head of the General Services Unit, the Head of the Human Resources Unit and the human resources officer concluded, at a meeting held on 15 May 2019, that no other equivalent post at eu-LISA was available for a potential transfer of the applicant as all posts at eu-LISA required security clearance.

11      On 17 July 2019, the Executive Director of eu-LISA informed the applicant of his intention to terminate his contract on the grounds that the Romanian NSA had issued a negative opinion and that it was impossible, first, to transfer the applicant within eu-LISA and, second, to await the outcome of the national appeal proceedings. The Executive Director also proposed that the applicant exercise his right to be heard before a decision to terminate the contract was taken.

12      Consequently, a meeting with the Executive Director of eu-LISA took place on 12 September 2019 (‘the meeting of 12 September 2019’). On 30 September 2019, the applicant received the minutes of the interview.

13      Following that interview, the applicant claimed, by e-mail of 12 September 2019 sent to the Commission Security Unit and copied to the eu-LISA Security Unit and the Executive Director thereof, that the Commission Security Authority had not notified him of the outcome of the Romanian NSA’s security investigation. He stated that, as soon as he received that result, he would like to be heard by the Commission Security Authority in accordance with Article 11(5)(b) of Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ 2015 L 72, p. 53). In the same email, he added that further clarification could then be requested from the Romanian NSA.

14      On 23 September 2019, the Commission Security Authority informed the applicant that it did not act as his security authority, since his contract had not been concluded with the Commission. It also stated that it had received a letter from the Romanian NSA stating that the incompatibility criteria for the applicant’s access to classified information were laid down by Article 160(b) of Government Decision No 585/2002 for approving the national standards on the protection of classified information in Romania.

15      On 2 October 2019, the applicant sent his comments on the minutes of the meeting of 12 September 2019 to the Executive Director of eu-LISA.

16      On 29 October 2019, the applicant was informed, first, of the termination of his contract, together with three months’ notice, on the basis of Article 47(b)(ii) of the Conditions of Employment of Other Servants of the European Union, for failure to obtain security clearance and, second, of the fact that his last day of work was set at 31 January 2020.

17      On 29 January 2020, the applicant lodged a complaint against the contested decision.

18      eu-LISA rejected the complaint by decision of 26 May 2020 (‘the decision rejecting the complaint’).

 Forms of order sought

19      The applicant claims that the Court should:

–        annul the contested decision;

–        annul, to the extent necessary, the decision rejecting the complaint;

–        order eu-LISA to pay the costs.

20      eu-LISA contends that the Court should:

–        dismiss the action;

–        order the applicant to pay the costs.

 Law

 Subject matter of the dispute

21      By his first and second heads of claim, the applicant seeks the annulment of the contested decision and of the decision rejecting the complaint, respectively.

22      It is settled case-law that claims directed against the rejection of a complaint have the effect of bringing before the Court the act against which the complaint was submitted in so far as they lack, as such, any independent content. The administrative complaint and its rejection, whether express or implied, constitute an integral part of a complex procedure and are no more than a precondition for bringing the matter before the judicature. Accordingly, the action, even though formally brought solely against the rejection of the complaint, has the effect of bringing before the Court the act adversely affecting the applicant against which the complaint was submitted, in so far as the rejection of the complaint would not have a different scope from that of the act against which the complaint was brought (judgment of 17 January 1989, Vainker v Parliament, 293/87, EU:C:1989:8, paragraph 8; see also judgments of 16 May 2019, Nerantzaki v Commission, T‑813/17, not published, EU:T:2019:335, paragraph 26 and the case-law cited; and of 27 October 2021, WM v Commission, T‑411/18, not published, EU:T:2021:742, paragraph 29). That may, in particular, be the case where the decision rejecting the complaint is purely confirmatory of the decision which is the subject of the complaint and that, therefore, the annulment of rejection of the complaint would have no effect on the legal position of the person concerned distinct from that which follows from the annulment of the act adversely affecting the applicant against which the complaint was submitted (judgments of 21 September 2011, Adjemian and Others v Commission, T‑325/09 P, EU:T:2011:506, paragraph 33, and of 16 October 2018, OY v Commission, T‑605/16, not published, EU:T:2018:687, paragraph 37).

23      Furthermore, in view of the evolving nature of the pre-litigation procedure, an express decision rejecting a complaint which contains only further particulars and thus merely reveals, in a detailed manner, the grounds for confirming the earlier decision does not constitute an act adversely affecting the person concerned. Nevertheless, that evolving nature of the pre-litigation procedure means that those further particulars must be taken into consideration in assessing the legality of the contested act (judgment of 12 December 2018, Colin v Commission, T‑614/16, not published, EU:T:2018:914, paragraph 29; see also, to that effect, judgment of 27 October 2021, WM v Commission, T‑411/18, not published, EU:T:2021:742, paragraph 30).

24      It has also been held that an express decision rejecting a complaint may, in the light of its content, not be confirmatory of the act contested by the applicant. That is the case where the decision rejecting the complaint contains a re-examination of the applicant’s situation in the light of new elements of law or of fact, or where it changes or adds to the original decision. In such circumstances, the rejection of the complaint constitutes an act subject to review by the judicature, which will take it into consideration when assessing the legality of the contested act or will even regard it as an act adversely affecting the applicant replacing the contested act (see judgments of 21 September 2011, Adjemian and Others v Commission, T‑325/09 P, EU:T:2011:506, paragraph 32, and of 21 May 2014, Mocová v Commission, T‑347/12 P, EU:T:2014:268, paragraph 34).

25      In the present case, the decision rejecting the complaint confirmed the contested decision in so far as concerns the termination of the applicant’s contract and, in particular, the absence of irregularities during the procedure which led to that decision. However, whereas, in the contested decision, which terminates the applicant’s employment contract for failure to obtain security clearance, eu-LISA concluded that it had not committed any procedural irregularity, it provided further clarification in the decision rejecting the complaint. In the latter decision, eu-LISA added that its Executive Director performed the duties of a security authority. It stated that, in view of its small size, it had a much more centralised structure than that of the European institutions. In those circumstances, according to eu-LISA, the Executive Director represented the security authority. Moreover, under Article 7(4) of the security rules adopted by Decision 2019/273 of the Management Board of eu-LISA on the security rules for protecting EU classified information in eu-LISA, the Executive Director was appointed as the latter’s security authority. In that context, at the meeting of 12 September 2019, the applicant was given an opportunity to be heard by the Executive Director, but did not submit a request to do so. eu-LISA added that it had not deprived the applicant of information communicated to the Commission by the Romanian NSA and that the resumption of the vetting process would have been of no use, particularly as it was not certain that the Romanian NSA would have altered its position, which, moreover, the latter had confirmed. Lastly, eu-LISA stated that the applicant’s failure to obtain security clearance was sufficient, in accordance with the vacancy notice, to terminate his employment contract and that his clean criminal record could not influence the outcome of the security investigation. Having a clean criminal record did not guarantee that security clearance could be obtained under national security rules.

26      It does not follow from the decision rejecting the complaint that it contains a re-examination of the applicant’s situation taking account of new matters of law or of fact, or that it amends or adds to the contested decision. On the contrary, while confining itself to providing further particulars, the decision rejecting the complaint confirmed the contested decision.

27      In the light of the case-law cited in paragraphs 22 and 23 above, the clarification provided in the decision rejecting the complaint constitutes grounds for confirming the contested decision only, and cannot make the decision rejecting the complaint an act adversely affecting the applicant. The second head of claim directed against the decision rejecting the complaint is thus devoid of any independent content and must therefore be regarded as formally directed against the contested decision (see, to that effect, judgment of 12 December 2018, Colin v Commission, T‑614/16, not published, EU:T:2018:914, paragraph 30). Nevertheless, in accordance with the case-law cited in paragraph 23 above, the lawfulness of that decision must be examined taking into account the reasons set out in the decision rejecting the complaint.

28      In the light of the foregoing, there is no need to adjudicate separately on the second head of claim seeking annulment of the decision rejecting the complaint.

 The single plea in law, alleging infringement of Article 11(5)(b) of Decision 2015/444 and Article 11(5)(b) of the eu-LISA security rules

29      The applicant claims, as a preliminary point, that he does not dispute, first, that, based on the requirements of the vacancy notice, the failure to obtain security clearance could lead to the termination of his employment contract and, second, that eu-LISA was bound by the assessment and recommendation of the Romanian NSA concerning that clearance.

30      However, the applicant maintains that, under Article 11(5)(b) of Decision 2015/444 and Article 11(5)(b) of the eu-LISA security rules, he should have been heard, at his request, by the eu-LISA Security Officer, who could in turn have requested any further clarification from the Romanian NSA, which could have resulted in security clearance being granted. In that case, there would have been no valid reason to terminate the applicant’s contract.

31      The applicant states that, on 12 September and 2 October 2019, he did in fact ask to be heard by the eu-LISA Security Officer and that, despite his request, he was not granted that right, whereas a favourable response could have influenced the decision on the termination of his contract.

32      The applicant argues that the relevant legal framework is that laid down by Decision 2015/444, to which reference is made in the vacancy notice, as implemented by eu-LISA pursuant to the draft version of its security rules, which were amended after the meeting of 12 September 2019 by Decision 2019/273. Despite the fact that the document produced by the applicant and setting out the security rules of eu-LISA contains the word ‘draft’ and was never formally adopted, it reflects the established practice applicable within eu-LISA prior to the adoption of Decision 2019/273. Furthermore, prior to the adoption of that decision, there were no security rules for protecting EU classified information specific to eu-LISA, whereas the latter was, according to the applicant, required to adopt its own security rules. Thus, the contested decision was taken without any legal basis, since eu-LISA had failed to adopt those rules.

33      According to the applicant, there are two reasons why his meeting with the Executive Director of eu-LISA of 12 September 2019 cannot be regarded as a hearing conducted pursuant to Article 11(5)(b) of the eu-LISA security rules.

34      First, at the meeting of 12 September 2019, the Executive Director had neither the power nor the intention to act as the eu-LISA Security Authority. The applicant adds that, during that meeting, eu-LISA wrongly suggested to him that the Commission Security Authority was competent to ensure respect for his procedural rights.

35      Second, the applicant observes that, as the Executive Director of eu-LISA also indicated in the introduction to the meeting of 12 September 2019, the purpose of that meeting was not to influence the outcome of the vetting process, but simply to decide on the consequences which should result from it.

36      The applicant adds that, while it is true that the eu-LISA Security Officer was under no obligation to request further clarification from the Romanian NSA, such a decision could have been taken only on the basis of the applicant being heard beforehand. He infers from this that it cannot be ruled out that, following such a hearing and on account of his clean criminal record, the competent security officer could have deemed it necessary to seek such clarification. eu-LISA could not substitute its own assessment for that of the Romanian NSA and consider that the latter would not alter its decision. Moreover, in accordance with Article 11(4) of Decision 2015/444 and the applicable eu-LISA security rules, eu-LISA was in fact under an obligation to inform the Romanian NSA of the inconsistencies between the applicant’s clean criminal record and the negative opinion issued by the latter based on a criminal offence which was supposed no longer to exist on record.

37      The applicant’s clean criminal record, resulting from rehabilitation by operation of law in October 2004, contradicts the Romanian NSA’s negative opinion, so that the latter could have reviewed its decision if eu-LISA had drawn its attention to that point by seeking clarification. The applicant claims, furthermore, that the Romanian NSA recommended that the competent security authority resume the vetting process, which eu-LISA refused to do.

38      eu-LISA disputes that line of argument.

39      In so far as the single plea is based on infringement of two rules of law which are mutually incompatible, it is necessary, first of all, to determine the legal rules applicable to the present dispute and then to examine, in the light of the rules thus determined, the applicant’s claims.

 The legal rules applicable

40      The applicant alleges infringement of Article 11(5)(b) of Decision 2015/444 and of Article 11(5)(b) of the provisional version of the eu-LISA security rules.

41      In response to a question put by the Court in the context of measures of organisation of procedure and at the hearing, the applicant specified the acts which, in his view, may be applied to the present case.

42      First, after referring to Decision 2019/273, the applicant observes that, since that decision was adopted after the contested decision, it is not applicable.

43      Second, the applicant refers to Decision 2015/444, which is applicable to the present case mutatis mutandis, namely by taking into account the draft version of the eu-LISA security rules, produced by the applicant and which, in his view, formalises eu-LISA practice at the material time, even though it did not enter into force.

44      Third, the applicant refers to Decision 2016/133 REV 3 of the Management Board of eu-LISA concerning the latter’s security rules, stating that he thereby seeks to demonstrate that the document produced by eu-LISA, entitled ‘Agency General Information Security Policy’, was no longer in force at the material time and that, consequently, eu-LISA did not have a security authority authorised by its Management Board at that time.

45      According to eu-LISA, until the entry into force of Decision 2019/273, Decision 2015/444 was applicable mutatis mutandis.

46      In that regard, in the first place, it should be noted that, as the parties agree, the draft version of the eu-LISA security rules was never adopted. It follows that it did not enter into force and is therefore not applicable to the present dispute.

47      In the second place, it should be observed that Decision 2019/273, which has not been officially published and the date of adoption and entry into force of which is not apparent from the information before the Court, would have been adopted and entered into force, according to eu-LISA – without being challenged on this point by the applicant – in November 2019, that is, subsequent to the adoption of the contested decision, with the result that Decision 2019/273 is not applicable to the present dispute.

48      In the third place, as regards Decision 2016/133 REV 3, first, it should be noted that, in his single plea in law, the applicant does not claim that any of the provisions of that decision was disregarded. Second, the applicant relies on that decision in order to challenge the relevance, in the present dispute, of the document produced by eu-LISA. It follows that Decision 2016/133 REV 3 is not amongst the legal rules capable of characterising the right to be heard which forms the basis of the single plea in law relied on by the applicant.

49      In the fourth place, in so far as concerns Decision 2015/444, it is necessary to examine whether, as the parties maintain, that act is applicable mutatis mutandis to eu-LISA. That decision, which, according to Article 2(1) thereof, defines the basic principles and minimum standards of security for protecting EU classified information, applies, according to Article 2(2) thereof, to all Commission departments, without making reference to other EU institutions, bodies, offices or agencies.

50      For the purposes of determining whether Decision 2015/444 is applicable to eu-LISA, it should first be recalled that Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on eu-LISA, amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 No 1077/2011 (OJ 2018 L 295, p. 99) substituted eu-LISA for the former agency set up by Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ 2011 L 286, p. 1).

51      Article 19(1)(z) and (aa) of Regulation 2018/1726 provides that the Management Board of eu-LISA is to adopt the necessary security measures and ‘the security rules on the protection of classified information and non-classified sensitive information following approval by the Commission’.

52      Under Article 37(1) of that regulation, eu-LISA is to adopt ‘its own security rules based on the principles and rules laid down in the Commission’s security rules for protecting European Union Classified Information (EUCI) and sensitive non-classified information’.

53      However, in spite of its obligation to adopt its own rules for protecting classified information pursuant to the provisions cited in paragraphs 51 and 52 above, eu-LISA does not dispute that it failed to fulfil that obligation prior to the adoption of Decision 2019/273.

54      As a result of that failure to fulfil that obligation, Article 55 of Regulation 2018/1726 – under which ‘internal rules and measures adopted by the Management Board on the basis of Regulation … No 1077/2011 shall remain in force after 11 December 2018, without prejudice to any amendments thereto required by this Regulation’ – was applied.

55      It follows from that provision that internal rules, which include the security rules for the protection of classified information applicable to the agency established by Regulation No 1077/2011, were also applicable to eu-LISA from the time when it was established by Regulation 2018/1726.

56      Consequently, in the absence of any exercise on the part of eu-LISA of its power to adopt security rules for protecting classified information at the material time, it is necessary to determine the rules applicable to the Agency established by Regulation No 1077/2011 in this area and which, pursuant to Article 55 of Regulation 2018/1726, applied to eu-LISA between the date of its establishment and that of the adoption of its own security rules for the purposes of protecting classified information under Regulation No 2019/273.

57      In that connection, as regards the agency established by Regulation No 1077/2011, Article 29 thereof, concerning security rules for protecting classified information and non-classified sensitive information, provides:

‘1.      The Agency shall apply the security principles laid down in Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending its internal Rules of Procedure, including the provisions for the exchange, processing and storage of classified information, and measures on physical security.

2.      The Agency shall also apply the security principles relating to the processing of non-classified sensitive information as adopted and implemented by the Commission.

…’

58      It follows from that provision that the security principles laid down by Commission Decision 2001/844/EC, ECSC, Euratom of 29 November 2001 amending its internal Rules of Procedure (OJ 2001 L 317, p. 1) on the protection of classified information were applicable to the agency established by Regulation No 1077/2011 as from the date of entry into force of the latter regulation.

59      However, Decision 2001/844, cited in Article 29 of Regulation No 1077/2011, was repealed by Article 58 of Decision 2015/444, which provides that the latter decision is to replace Decision 2001/844. Pursuant to Article 61 of Decision 2015/444, the provisions providing for the repeal of Decision 2001/844 and its replacement by Decision 2015/444 entered into force on 18 March 2015.

60      It follows that, pursuant to Article 55 of Regulation 2018/1726, which maintains in force after 11 December 2018 the internal rules and measures adopted by the Management Board of the agency established by Regulation No 1077/2011 on the basis of that regulation, Article 29 of Regulation No 1077/2011, which referred to the security principles laid down in Decision 2001/844, must be interpreted as meaning that, from the repeal of that decision and its replacement by Decision 2015/444, it referred to the latter decision.

61      It follows that, since Decision 2015/444 replaced Decision 2001/844 with effect from 18 March 2015, the agency established by Regulation No 1077/2011 was subject to the security principles laid down by Decision 2015/444, in so far as concerns the security rules for protecting classified information, as of that date.

62      That conclusion is supported by recital 3 of Decision 2016/133 REV 3, from which it follows that, pursuant to Article 29(1) and (2) of Regulation No 1077/2011, the agency established by that regulation applied the security principles for protecting classified information set out in Decision 2015/444.

63      Consequently, in the light of the considerations set out in paragraph 55 above, eu-LISA had, from its establishment by Regulation 2018/1726 until the adoption of its own security rules for protecting classified information by way of Decision 2019/273, pursuant to Article 55 of Regulation 2018/1726, to apply the security principles for protecting classified information laid down in Decision 2015/444 as rules applicable to the agency created by Regulation No 1077/2011.

64      It follows from all the foregoing that Decision 2015/444, in particular Article 11(5)(b) thereof, on which the single plea in law relied on by the applicant is based, was applicable to eu-LISA at the material time, which eu-LISA, moreover, does not dispute.

 Infringement of Article 11(5)(b) of Decision 2015/444

65      As a preliminary point, it should be noted that it is common ground that the applicant was heard on 12 September 2019, prior to the adoption of the contested decision, on the subject of the termination of his employment contract.

66      The applicant maintains, however, that he was not heard by the eu-LISA Security Authority on the outcome of the security investigation, in breach, in particular, of Article 11(5)(b) of Decision 2015/444.

67      For its part, eu-LISA states that the applicant was not heard on the outcome of the vetting process, since he had not made any request in that regard prior to the meeting of 12 September 2019. In its replies to questions put by the Court, eu-LISA states that no request for a hearing was made by the applicant in accordance with Article 11(5)(b) of Decision 2015/444.

68      It is therefore necessary to determine whether the absence of the hearing provided for by Article 11(5)(b) of Decision 2015/444 is such as to render the contested decision unlawful.

69      Article 11(5)(b) of Directive 2015/444 provides:

‘5.      Following completion of the security investigation, and as soon as possible after having been notified by the relevant NSA of its overall assessment of the findings of the security investigation, the [eu-LISA] Security Authority:

(b)      shall, where the security investigation does not result in [the] assurance [that nothing adverse is known which would call into question the loyalty, trustworthiness and reliability of the individual], in accordance with the relevant rules and regulations, notify the individual concerned, who may ask to be heard by the Commission Security Authority, who in turn may ask the competent NSA for any further clarification it can provide according to its national laws and regulations. If the outcome of the security investigation is confirmed, the authorisation for access to EUCI shall not be issued.’

70      It follows from that provision that a hearing by the competent security authority for the person concerned is subject to the submission by that person of a request to that effect.

71      The applicant submits that he asked to be heard, on the basis of Article 11(5)(b) of Decision 2015/444, during the meeting of 12 September 2019 and in an email of the same date sent to the Commission Security Authority, as well as on 2 October 2019, in his comments on the minutes of the meeting of 12 September 2019.

72      As regards the meeting of 12 September 2019, it is not apparent from the report which was drawn up, the content of which is not disputed before the Court, that the applicant asked to be heard by the eu-LISA Security Authority on the day of that meeting. The applicant merely complained of procedural shortcomings on the part of the Commission and asked eu-LISA to (i) inform him of the measures taken by that institution’s Security Authority, and (ii) confirm whether the Commission had complied with the procedure laid down in Article 11 of Decision 2015/444.

73      Consequently, it does not appear that, during the meeting of 12 September 2019, the applicant asked eu-LISA to be heard in accordance with Article 11(5)(b) of Decision 2015/444.

74      As regards the email sent by the applicant to the Commission on 12 September 2019, it should be noted that eu-LISA was the recipient of a copy of that email only. Since, therefore, it was not the main addressee thereof, eu-LISA could not be required to interpret that email as a request addressed to it in that capacity and to deal with that request in that capacity. Furthermore, in the same email, the applicant claimed that the Commission Security Authority had not notified him of the outcome of the Romanian NSA’s security investigation. He stated that, as soon as he received that result, he wished to be heard by the Commission Security Authority in accordance with Article 11(5)(b) of Decision 2015/444. In its email of 23 September 2019, the Commission replied to the applicant that the security authority at eu-LISA, the latter being his employer, was his security authority, not that of the Commission.

75      It follows that it cannot be considered that, in his email of 12 September 2019, the applicant asked eu-LISA to be heard within the meaning of Article 11(5)(b) of Decision 2015/444.

76      The applicant states, however, that eu-LISA suggested to him, at the meeting of 12 September 2019, that the Commission Security Authority was competent to ensure respect for his procedural rights.

77      It is apparent from the minutes of the meeting of 12 September 2019 that, in response to the applicant’s arguments relating to procedural omissions on the part of the Commission, eu-LISA stated that, if the applicant considered that the Commission had not respected his procedural rights, he should contact the latter. eu-LISA added that it had complied with all the procedural steps in its relationship with the applicant. The argument put forward by the applicant must therefore be rejected as having no factual basis.

78      As regards the email of 2 October 2019, it should be noted that, in that email, the applicant complained of a breach of his procedural rights resulting from the fact that eu-LISA had failed to notify him of the reasons for the Romanian NSA’s negative opinion, that he had not been heard and that eu-LISA had not requested further clarification from the Romanian NSA.

79      It does not therefore follow from the email of 2 October 2019 that either of the complaints addressed by the applicant to eu-LISA can be treated in the same way as a request for a hearing under Article 11(5)(b) of Decision 2015/444.

80      Consequently, it has not been demonstrated that the applicant applied to eu-LISA to be heard by the security authority within the meaning of Article 11(5)(b) of Decision 2015/444, with the result that he cannot rely on an infringement of the right to be heard laid down by that provision.

81      In any event, even if it could be considered that a request to be heard within the meaning of Article 11(5)(b) of Decision 2015/444 was submitted by the applicant to eu-LISA, but was not followed by a hearing by its security authority, it is necessary to examine whether it is established that that procedural irregularity could have influenced the content of the contested decision, since, according to the case-law, if there is no such effect, the contested procedural irregularity cannot lead to the annulment of the contested decision (see, to that effect, judgment of 22 March 2018, HJ v EMA, T‑579/16, not published, EU:T:2018:168, paragraph 55).

82      In that regard, the applicant relies on his clean criminal record and submits, on that basis, that eu-LISA could have sought clarification from the Romanian NSA and drawn the latter’s attention to the contradiction, according to the applicant, between that document and the negative opinion that it gave, based on offences committed by the applicant at the end of the 1990s.

83      Suffice it to note that it follows from the wording of Article 11(5)(b) of Decision 2015/444, according to which the security authority may ask the competent NSA for any further clarification, that the eu-LISA Security Authority merely has the option to make such a request and that it is not, therefore, under any obligation in that regard. Consequently, had a hearing under that provision been held, eu-LISA would not have been required to seek further clarification from the Romanian NSA.

84      Furthermore, even if the eu-LISA had requested further clarification from that national authority, it has not been established that that step could have had any influence whatsoever on the content of the contested decision.

85      It is apparent from the application lodged by the applicant in his administrative appeal before the Romanian NSA against that institution’s negative opinion – which application has been produced by the applicant – that he had already relied before that authority on the lack of any reference to the offences committed at the end of the 1990s on his criminal record following rehabilitation by operation of law. That appeal was dismissed by the Romanian NSA in its decision of 15 April 2019, produced by eu-LISA as an annex to its defence.

86      The applicant has failed to set out the reasons why he takes the view that the Romanian NSA would have changed the meaning of its opinion on the basis of his clean criminal record, when it did not do so following his administrative appeal, in which he relied on the same argument.

87      As regards the applicant’s claim that the Romanian NSA recommended that the Commission Security Authority resume the vetting process, which eu-LISA refused to do when the applicant subsequently applied to it, it must be observed that that allegation has not been substantiated.

88      In its letter of 15 January 2020, the Romanian NSA merely informed the applicant that it regarded the appropriateness of deciding to resume the vetting process on behalf of the applicant as a matter for the Commission. It follows that no recommendation to resume the vetting process was sent to the Commission Security Authority by the Romanian NSA.

89      It follows from the foregoing that the applicant has failed to demonstrate that if he had been heard in accordance with Article 11(5)(b) of Decision 2015/444, that hearing could have influenced the content of the contested decision. It has not been established that his arguments were capable of affecting the outcome of the Romanian NSA’s security investigation.

90      The applicant acknowledges, first, that eu-LISA was bound by the general assessment, provided for in Article 11(5) of Decision 2015/444, of the Romanian NSA for the purposes of deciding on security clearance and, second, that, on the basis of the conditions laid down in the vacancy notice, cited in paragraph 3 above, the failure to obtain security clearance gave eu-LISA the right to terminate his employment contract.

91      In the light of all of the foregoing, the single plea in law must be rejected and, accordingly, the action dismissed.

 Costs

92      Under Article 134(1) of the Rules of Procedure of the General Court, the unsuccessful party is to be ordered to pay the costs if they have been applied for in the successful party’s pleadings.

93      Since the applicant has been unsuccessful, it must be ordered to pay the costs, in accordance with the form of order sought by eu-LISA.

On those grounds,

THE GENERAL COURT (Seventh Chamber)

hereby:

1.      Dismisses the action;

2.      Orders MF to pay the costs.

da Silva Passos

Truchot

Sampol Pucurull

Delivered in open court in Luxembourg on 6 April 2022.

E. Coulon

 

S. Papasavvas

Registrar

 

President


*      Language of the case: English.